This post is a collection of things to form a best practice for mac security.
1) enable password after sleep or screensaver.
settings > security > require a password immediately after sleep or screensaver.
This will stop anyone who sneaks up on your machine when your not there from using it without them knowing your password.
2) enable full disk encryption with file vault.
see this post. This will stop anyone from reading your harddrive without knowing your password (eg if your machine gets stolen).
3) encrypt flash drives / external drives
see this post. This will stop anyone from reading your flash drive without knowing your password (eg if it gets stolen). it also works on sdcards.
4) only enable apps from the app store.
settings > security > general > allow applications downloaded form > mac app store.
This will stop software that hasnt been downloaded from the app store from running.
5) turn on firewall.
settings > security > firewall.
This will stop people getting in to your machine from the network.
6) enable stealth mode.
settings > security > firewall > firewall options > enable stealth mode.
This will stop your machine from responding to ping and other icmp requests
7) require passwords for administrative changes.
settings > security > general > advanced > require an administrator password to access locked preferences.
This will stop anyone who does have access to your machine from making changes without knowing your password
8) enable screensaver with auto lock after inactivity.
settings > desktop and screensaver > screensaver > start after [pick time].
in combination with #1 on this list means if you forget to log out then your screensaver starts and the password has to be entered to use your machine
9) Disable all sharing options.
Settings > sharing > turn everything off.
This limits the attack vectors for people on the outside gaining access to your machine
I usually combine two of these and get my keychain to remember them so I don’t have to. iCloud keychain in mavericks will help with this as it generates monster passwords. If you don’t do anything else from this list, this one helps the most with a best practice for mac security.
11) disable automatic login.
settings > users > login options > automatic login > off.
this means someone cant restart your machine and auto log in and gain access to your account.
12) disable guest users.
settings > users > guest users > un-tick ‘allow guests to log in to this computer’.
this means that someone cant get access to your machine without knowing the password for a user account.
There are many more things you can do to secure your mac, hopefully these help with a best practice for mac security.